Spyware,Adware,Viruses and Hijack This Logs

#1 (permalink)
ankitgoyal (D-A-L Newbie), 25-04-2008, 08:06 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:23:50 PM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\MAKTray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\MAKHKEY.EXE
C:\WINDOWS\MidTrans.exe
E:\SMS510\prog\exec\wserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ZTE CDMA1X MODEM\Bin\FastConnect.exe
C:\Program Files\Netbooster Client\Configurator\ventcfg.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\Netbooster Client\squid\ventcsquid.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MicroSCADA.ELECTPP.002\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clickmanu.com
F2 - REG:system.ini: Shell=Explorer.exe, System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, System
O1 - Hosts: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>404 Not Found</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=utf8" />
O1 - Hosts: <style type="text/css">
O1 - Hosts: body {
O1 - Hosts: font-family: Verdana, Arial, Helvetica, sans-serif;
O1 - Hosts: font-size: 12px;
O1 - Hosts: background-color:#367E8E;
O1 - Hosts: scrollbar-base-color: #005B70;
O1 - Hosts: scrollbar-arrow-color: #F3960B;
O1 - Hosts: scrollbar-DarkShadow-Color: #000000;
O1 - Hosts: color: #FFFFFF;
O1 - Hosts: margin:0;
O1 - Hosts: }
O1 - Hosts: a { color:#021f25; text-decoration:none}
O1 - Hosts: h1 {
O1 - Hosts: font-size: 18px;
O1 - Hosts: color: #FB9802;
O1 - Hosts: padding-bottom: 10px;
O1 - Hosts: background-image: url(sys_cpanel/images/bottombody.jpg);
O1 - Hosts: background-repeat: repeat-x;
O1 - Hosts: padding:5px 0 10px 15px;
O1 - Hosts: margin:0;
O1 - Hosts: }
O1 - Hosts: padding-left: 25px;
O1 - Hosts: padding-right: 25px;
O1 - Hosts: line-height: 18px;
O1 - Hosts: padding-top: 5px;
O1 - Hosts: padding-bottom: 5px;
O1 - Hosts: }
O1 - Hosts: h2 {
O1 - Hosts: font-size: 14px;
O1 - Hosts: font-weight: bold;
O1 - Hosts: color: #FF9900;
O1 - Hosts: padding-left: 15px;
O1 - Hosts: }
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <div id="body-content">
O1 - Hosts: <!-- start content-->
O1 - Hosts: <!--
O1 - Hosts: instead of REQUEST_URI, we could show absolute URL via:
O1 - Hosts: http://HTTP_HOST/REQUEST_URI
O1 - Hosts: but what if its https:// or other protocol?
O1 - Hosts: SERVER_PORT_SECURE doesn't seem to be used
O1 - Hosts: SERVER_PORT logic would break if they use alternate ports
O1 - Hosts: -->
O1 - Hosts: <h1>404 Not Found</h1>
O1 - Hosts: <p>The server can not find the requested page:</p>
O1 - Hosts: <blockquote>
O1 - Hosts: 72.232.108.82/~grimsby/images/button1.pdf (port 80)
O1 - Hosts: </blockquote>
O1 - Hosts: <p>
O1 - Hosts: Please forward this error screen to delta.g3network.co.uk's
O1 - Hosts: <a href="mailto:root@delta.g3network.co.uk?subject=Error message [404] 404 Not Found for 72.232.108.82/~grimsby/images/button1.pdf port 80 on Wednesday, 16-Apr-2008 18:28:09 BST">
O1 - Hosts: WebMaster</a>.
O1 - Hosts: </p>
O1 - Hosts: <hr />
O1 - Hosts: <ADDRESS>Apache/1.3.41 Server at delta.g3network.co.uk Port 80</ADDRESS>
O1 - Hosts: <!-- end content -->
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Netbooster Client\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Explorer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MicroSCADA Wserver.LNK = E:\SMS510\prog\exec\wserver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'vwlsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AB4531-D0BB-401C-8F80-A93522065420}: NameServer = 202.138.103.100 202.138.96.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{04AB4531-D0BB-401C-8F80-A93522065420}: NameServer = 202.138.103.100 202.138.96.2
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Common Files\Stibo\RS_ProtocolHandler.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MicroSCADA - Unknown owner - E:\SMS510\prog\exec\serv.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe
#2 (permalink)
VopThis, Senior Member (Canada), 26-04-2008, 06:53 PM

You do not appear to be running an antivirus tool. That could create serious opportunity for malware infections. If you require such a tool please at least try the following free tool:

AVG: http://free.grisoft.com/doc/1




Get HostsXpert here:
http://www.funkytoad.com/download/HostsXpert.zip
  • Unzip it to a convenient place and run the program.
  • On the left-hand column:
    Click the ‘File Handling’ BUTTON.
    • If you see red text (‘Make Writeable?’) then press the ‘Make Writeable’ button.
    • Then press the ‘Restore MS Hosts file’ button and OK.
  • Close the program.




Quote:
O10 - Broken Internet access because of LSP provider 'vwlsp.dll' missing
The easiest way to fix the broken Internet chain is to download and use a freeware utility called LSPFix.exe:
http://cexx.org/lspfix.htm (copy to a floppy or pen drive, if necessary – 182K file)

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.


If still no joy, download and run WinsockXPFix:
http://www.snapfiles.com/reviews/Win...sockxpfix.html
-----> Winsock repair utility designed for Windows XP.





You are using an outdated version of HijackThis. Please uninstall the current version and install the latest version as per the instructions below:


Click here to download HJTInstall.exe (Trend Micro HijackThis v2.0.2).
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch HijackThis.

  • Click on the Do a system scan and save a logfile button.
    • It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________
Vincent P

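Added example, not part of either post and not HijackThis or HostsXpert code: a small triage script that reads a HijackThis log and flags the three conditions reply #2 acts on (hosts content that is not in hosts-file format, the O10 broken LSP entry, and a HijackThis version older than v2.0.2). The names triage, is_hosts_entry and SAMPLE_LOG are hypothetical, and the "IP address followed by a name" test is a simplified reading of the hosts format.

```python
import ipaddress
import re

# Constructed sample: lines copied from the log in post #1, plus one
# well-formed hosts entry (127.0.0.1 localhost) added for contrast.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
O1 - Hosts: <html>
O1 - Hosts: <title>404 Not Found</title>
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
O10 - Broken Internet access because of LSP provider 'vwlsp.dll' missing
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
VERSION = re.compile(r"^Logfile of .*HijackThis v(\d+(?:\.\d+)*)")


def is_hosts_entry(text):
    """True if text has the hosts-file shape '<ip> <hostname> [...]'."""
    fields = text.split("#", 1)[0].split()  # drop any trailing comment
    if len(fields) < 2:
        return False
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return False
    return True


def triage(log, current=(2, 0, 2)):
    """Return (line_no, reason) for the three issues raised in reply #2."""
    findings = []
    for no, line in enumerate(log.splitlines(), 1):
        line = line.strip()
        ver = VERSION.match(line)
        entry = ENTRY.match(line)
        if ver:
            if tuple(int(p) for p in ver.group(1).split(".")) < current:
                findings.append((no, "outdated HijackThis v" + ver.group(1)))
        elif entry:
            code, body = entry.groups()
            if code == "O1" and body.startswith("Hosts:"):
                if not is_hosts_entry(body[len("Hosts:"):]):
                    findings.append((no, "hosts line is not '<ip> <name>'"))
            elif code == "O10" and "missing" in body:
                findings.append((no, "broken LSP chain"))
    return findings
```

Run over the full log from post #1, every O1 line is flagged, which matches the reply's choice to restore the default hosts file rather than edit individual entries.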